]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 21df6a6) | patch
EVP_DigestUpdate(): Check if ctx->update is set
authorsashan <anedvedicky@gmail.com>
Thu, 27 Jun 2024 14:31:41 +0000 (16:31 +0200)
committerTomas Mraz <tomas@openssl.org>
Thu, 11 Jul 2024 19:49:41 +0000 (21:49 +0200)
commitafbe30116337bb099e43181b2fe244093af2989a
tree86d3527824cacffc868ec3bc7bf3553e1bc39beetree
parent21df6a68840b1df25dcfc7e5dfdbeef536217cfacommit | diff
EVP_DigestUpdate(): Check if ctx->update is set

The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by
code change here.

    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1

the issue has been introduced with openssl 3.0.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24753)

(cherry picked from commit ad33d62396b7e9db04fdf060481ced394d391688)
crypto/evp/digest.c diff | blob | blame | history
test/evp_extra_test.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git